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($4) A method and system for managing a. data ©&|80t so as to comply with pmM&rmim& 
conditions for usage 



(S7| The prBsenr invention retsses so a ms&od and 
asysteffs tor r-Mn&ging « data o&jsct so as to cot ^pty with" 
pfsssiBfmifieci conditions for usage at the <Ma object, 
Jo control me usage of the m& obi®;:!, a set ot cisntroi 
data, sisssntn^ usages at *h« data object which corns iy 
wish fee pmiMarrtiinsdcDndiiiansJscfisafedtbrihedsts 



object The ;Ms object is concatenate;} with the user se? 
of control data, ertoypted and tfanstarrsd to tha user. 
When the «ser wants to use the cista object, s; special 
user program etseeks whether the usage eompte with 
the control data. If so, me usage is ena&secf. Otherwise 
It is disabled 
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Description 

Tecdnsp&t Pddd 

[OP01J Tr;e present mverstiort reiatss to dai& process- 
ing and rstore psrtleaiapy to a method -ana a sysfam tor 
managing data objscts so as Jo cornpty vrth preda-er- 
mined conditions tor usags. 

{OOQgij Mluoh has dees w&m recsrtffy mgardlng the 
pu??ie o' universal connectivity. A sypica! vision oi she 
data highway has Song distant high speed tfets carriots 
iniewRrtectirig r«g»r»i networks which, proviso tate- 
ccrorounicaiions services and a wide range of interactive 
ornm services so consumers. Msny ot.tna pieces are 
already m place, others araln development or tasting. :;rs 
tact, even. rho«§ft tne data highway ts under construction. 
It is currently open to limited traffic. Osvma services are 
springing up daily arid video an demand services are 
currently fcetrso; tested. 

108833 The potsntsaito benefttsocis.y is immense. The 
scope of information available to consumers wffl become 
truly giobai as tfts traditional bamers to entry for distri- 
bution of, and access to, sfiforros&or? ars tewarssi dra- 
matically "nls n-;«ans that more piv»rse and sp so iaffces 
information will de made- availadie just as conveniently 
as generic sources from major vendors used to oe. The 
sad resuit is ins; organisations and individuals w! be 
empowered m ways heratofora only imagined, 
faesMj However, a fully innollorung itestk highway w$ 
orify »e as valuable as tne actual services which it pro- 
vides: Services envisioned tor the ciaia Highway thai in- 
volve rhs delivery of data objects (e.g. books, slims, video. 
n&m, music, software, games, etc.) wiii da aad are cur- 
remiy limned by the availability of such objects. Library 
and educational services are sltniiariy affected. Before 
owners wiit aKcw their data objects ie ba oifersd they 
must be assured of royalty oaymems and pfoteetxw tram 
pfrs;;y. 

10805] Encryption is a key cop-jpooept ot any solution 
tp provide espy protection. But encryption alone ;s not 
enough. During transmission and storage the data ots- 
iscra wiii be protacrsd &y encrypripa, four as soon as sn- 
yms & given ine key ;o decipher Ida content da wiii i;ava 
pafimiT.gd comroi wo? it Sioce rhe .digits! domain permss 
oata objects; tc de raprad^cad in uaiimitad quai^stsas wan 
no ioss of puaiiry, aaob cbjact wis need to Be protected 
from antirniiea use snd ^authorized raprodnction ana 
?^aa!e 

[OSes] Theprmectson problem mast oar ba solved by 
a separate soiuiico for each particular data format be- 
cause span tne progress' wi8 indeed bo -slow. It is impor* 
im\ So cer.sidsf ihe efiecil a? isiBf.rfardizaiiar: on an indus- 
try. Copsider now the VMS, tde CD and she DAT formats, 
aad 5hs IBM! PC coffipaii&iiity sfaadards have sncour- 
aged growsh in vnmt respective industries. However, if 
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tders Is to be any type of star>darol2at:on, she standard 
must provide universal adaptabtiisy to the needs of both 
data providers and data users, 
10007] Trse data objocs owner may wont to have mt* 

s maneist ■secure asrrSroi over daw, wften. wdere. and by 
whom his property is usso. Fi-trsermore, he may want 
to define deferent rtiies of engagemerss for aiff ersnl types 
of users snd different types of security depending on she 
value a! padiaslar obiects. Trie rules defiaeci by nini shaii 

«» govern tde automatsd operations enabled by data serv- 
ices end neivuwRing. Tna owner- nisy sisn v»ent r.o sell 
corrspossta: objects with different rules governing each 
constituent object. Thus, it is necessary ro be abie to 
implement V3siat>ie and extansifoia ooatrof. 

>* The user on dis part wa.nfs to Oe able to search 

for and purchase data objects in a canvaalerit manner 
ft desired, trie user should be aofe to combine or eas: 
purchssea ;;b|a<;ss (i.e. far creating a presentation}. Par- 
tdermore, tr-a user may want to protect nie ohiidren from 

^' inappropriate materiel A oomplsts solution must snasle 
these needs as weii. 

[SOdgJ What is needed is a sniversaiiy adapiabis .sys- 
tem and method for managing the exchange arid usage 
of data oojects white prot^ctirsp. tbe interests of date ob- 
is» iect owners aad users. 

War Art 

fSOt 01 A rootbod for enforcing parent of royalsias 
& when copying sofieopy books ss deschbed m the Euro- 
pean patent application EP 0S6? 800, This method pro- 
tects a formatted text: stream of a structured document 
wbioft includes a rcyaify payment eieoient having a spe- 
cial tag. Whan me formatted text: stream Is inputted In 
os the user's data processor. Site test stream Is searched to 
identify ins royalty payment element and afiag Is stared 
In {he memory ot the data prccessar, When the -user for 
instance requests so phot the oooument, the osfa proc- 
essor requests autftorfeaSon for this operation from a 
*? second data processor. The second data processor 
charges the user toe amount tncslcsfed In the royalty pay- 
ment element and man f raosmifs the authorisation to tne 
first data processor. 

100111 One serious limitation of this method is that it 
car; oniy ba applied to structured documents Tde de- 
scription of the above-meri-icned Ecnsaean patent appli- 
cafion denies a sfruofured document as: a document 
prepared in accordance with an SGfviL-eoutpHsr;; type 
definitiofi. in older words « can not be applied to docc- 
ments which am not Sfafvil. cornpilant and st cannot be 
applied to spy other types of data objects, 
100121 Furthermore, mis method does not provide for 
variable and extensible control, Anyone can purchase a 
softcopy beak on a CD, a floppy disc or too like, and the 
i5 same royalty auiourit Is Indicated In the royalty payment 
element of an softcopy books ot tne same title, 
180131 Thus, the method described In EP 0 58? 800 
does no- satisty the above-nienttoneo reQuirements for 
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mtomeity adaptable prcstecdoo of m& objects. 

|0014| Accordingly, it is a first object of rb* invenikxs 
to provide a method and a data processing system tor 
managing a data sbjecl Irs a rtwmer shat is indepsndanf 
of the fomiat and the structure thereof, so as to comply 
s»ah predemrmined conditions for nsage consrol ana roy- 
alty payment. 

COOtS] it is a further object or toe invention to provide 
such a method and system which universally adaptable 
to- the needs of sot?; the mmt and the user of tne- aata 
object. 

fOOISJ A ftsrtbs? ODjeet of the invention is to provide 
sues? a method and system which enables a data object 
provider to distribute his o'asa obieet while maintaining 
control of the usage iftereof. 
|0D1 7| Yst another object or 8» invention is: to provide 
ame'hodand system which allows s data object provider 
to -select the level of security fordls data object in a 
way, 

|08183 ¥st aaother object o! She Invention is to provide 
such a method and system which makes it possible to 
establish an audi* trail for the data object. 
{801 S] Yes anoihar object is to provide such a method 
and system which mases it possible to seli ana boy ciata 
objects « a sseom way. 

The above -mentioned objects are achieved by 
a msiijod and a system having ma features of claims t, 
18.21,24 and 2?:. 

|i3021] Particular embodiments of the inventions are 
recited in the suhciairns. 

I<m2} More paribuiady, a data object provider, e.g. 
ths owner of a data object or hie agent {broker), stores 
the data object in a memory csavica, a. g. a bulk storage 
device, where li is accessible by means of !he data pro- 
vider's data processor. The data object can consist of 
digisai data., analog data or a comb inas son or Hybrid of 
anaipg and digital data, 

[0023] A general sei: of control data* which Is based on 
the oredstermifieo conditions tor usage of the data ob- 
ject, is created and 'stored in the same memory device 
as she data object or another memory device where it ss 
accessible by the data provider's sate, processor. The 
predetermined conditions for usage may be defined by 
the data object owner, oy tne broker orby anyone else. 
Thay may differ between different data, objects. 
P024| The genera! set of control oata comprises at 
•east one or more usage eonfrol elements, whfen define 
usages or the data object which comply with the prede- 
termined concisions. Ttje.se usages may encompass' tor 
instance tits kind ot user, a, finis iisrsi for usage, a gec- 
gs-aphicai area tor usage, ailowed operations, such as 
makiijgahara copy *>f the dsataosjjac! or viewing Is, and/or 
oiaini to royaity osymem. T'ne gsnsrai set of coos-oi data 
may comprtse o-har kinds of consroi eiemerits tsesides 
«?« usage control element, in a preferred, emfjodimsnt, 



the gsnerai set o? control cista comprises a security cen- 
tre! elsniem which defines a ssecudty pfoced«?® mkifo 
has so ire carried out before n sage of the dara object, it 
eiso comprises an identifier, which ortiqu«iy identifies 'he 
s oaneta: set of control data. 

The general set of controi dasa Is concatenated 
with a copy of -ha dais object. Thus, the concordats does 
not reside in the data object, bet outside it, which makes 
the control data independent of the format of and tne kind 
?<> of dsia object and which allows for osage conlto! inba- 
pendentiy of tne data object format. 
[00203 A! ieasf the usage corstroi siementfe} and the 
data onject am encrypted, so thaf tne user « unable to 
use the dais objsct wifhoijf: a mm pfogtaro whfeh gar- 
's toft-ns the usage oo ntrof and which decrypts the data ob- 
ject AitemaJivsly. s:he whole ses of consrof data and She 
copy ct she data cbssci may be encrypted, 
(8(527j A user may request aorhorizaflon for asaga of 
a data object residing as a data provider's processor via 
^ a data nafwork or in any other appropriate way. The au- 
•thofisate may or may not faquirs paymens. What! a ra- 
cusst for aothcrisatiofi for usage is received, a user set 
of cotilrol data is craated by the dasa providers proces- 
sor. The user set of control date eompiises the genera! 
ss set of control data or a subset thereof inciuding at teaat 
one of said usage control siemsnfs which is reiavani: for 
she acfuai usee h typicaiiy a;ss induces a new identifier 
which unidusly idssjfifies this set of control data, tf re-is- 
vant. the user set of control data also comprises art indi- 
uS cation of the nornber of usages auSrscri?ed. if mora than 
ens fcind of usage is authorised, she number ot each kind 
of usage may be specified. Pinaily, she user set of control 
oata is concatenated with a copy of the data object, and 
a; least the linage control elemeess and tne copy of She 
ss data object are encrypted tc create a secure data pack- 
age ready for transfer to the user. 
p£28j Before the data package is transferred to the 
user, It should oe confirmed that the request for author- 
ization for -jsage has been greased. The check is prefer- 
■*o ebiy carried cut before the user set of control data is 
create;! However, is: can aisc be earned out in garalle! 
with or after she ore-alien ot she user control dasa, in the 
latter case, the number of usages requested cy the user 
is teniahVefy authorized and included in Sfss user set. bet 
■** if the rsgusst is refused the user set is cancelled or 
changed, 

(0033 The data package -nay ce transferred to the 
user by electro* means or stored on bulk storage media 
and transferred to she uesr by snail or by any suitable 

-f-c rransportan'on means. 

pS03«Q Once the data object: has been packaged in the 
above-described manner, It can only be accessed by a 
userprogram which hasboiit-in usage oontrof anOmsans 
for deryptiug the data package. The user program wifi 

55 only permit stages definsd as acc;eptabie in ths control 
oata. Moreover, it the- control .ds& comp-hsss a secprlty 
conifoi eiemens, she seenrity procedure prescribed there- 
in hast o be compiled with, in one e-rsbeoirneni. the usage 
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centre*! may oe pe^mied as foiiows. S the user decides 
to use a object. tn« user program obsess ;hs control 
data to s«« it «hb action is authorised. Mors p&rtiosiariy, 
it checks fosse ths number of aatnorij:sd usages ei thus 
kind is one or mom. if so, U?«s action 5s srasfcled and she 
number of aatnorraso" usages decremented tsy OUt- 
esrvwso, tfto action <s imartupisa tsy ih« user program and 
the user may or may not be given she opportunity to pur- 
chase rhe ngnt to complete the action. 
|0831j Alter ths usao,s> ih« us*r program repackages 
the daia oojeol In the same manner as if was packaged 
before, 

|0032] When a data ob;sci is redistributed by a user or 
a broker, nsw cont.ro! elements are added irt the control 
am -to rsfrscs tns nation oetwaen it® m usembroker 
and ths n«ssv assrrbroisof. hi this way. an audi; trail forthe 
data object may b* creates, 

[06333 According ro another aspect of tha invention at 
least two data packages are ssorsd on a user's data proc- 
essor, which examines ihe usage centre! eiemeojs of trss 
data packages in orator so find a rnatcb. it a match is 
found, the user's data processor carries owt an safari 
which is specified in ths user s«5 of control data. This 
method can be used tor selling sod buying m& objects. 

=00343 

rig, t is a tiow diagram showing the ge.nsrai data 
flow according to tne invention. 
Fig. 2 is a system block diagram of a flats object 
provider's data processor, 

Fig. 3 is a blues diagram showing the differerrt mod- 
vtm of a data packaging program according to the 
invention. 

Pig. 4 is a data flow diagram of a data packaging 
process, 

Fig. S is an example of a header hie. 
Pip;. 8 is an example of a usage data file. 
Fig. ? is a data flow diagram of loading au objees to 
ths data object provider's o^ata processor. 
Figs 8a and 8b are exampies of control data for a 
data object on ths data object provider's data proc- 
essor and tor an object rsady to bo vmn$®mti to a 
user, respective*;', 

Rg. 9 is a data flow diagram of m& packaging on 
ths oafa object provioeks dsta processor. 
Fig, 10 is a how diagram of a data packaging proce- 
dure. 

Rg. 1 1 ?s a memory image of a data object ana its 
coniro) data 

Fig, 1 2a is a rwnory rmags o! the eoooaisoaied con- 
trol data and cata ooject 

Fig. 1 2is is a memory image oi the concatenated and 

encn/piea coatroi data and daia object. 

Fig. 13 is a system block diagram of a user's data 

processor. 
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Fig, 1 4 is a bSoek diagram showing the different mod- 
ules of a user program according to the invention. 
Fig, 15 is s flow dssgrstr: of using a data oojsct on 
the user's data processor, 
s Fig. 16 is & Sow diagram of how the oser program 
operates in a specific application example. 
Fig. i ? is an exampie of various daia package sfme- 
imts for c-oonposlte objects, 

>s (0O3S) Fig, 1 is a flow diagram showing the general 
data flow according to ths ifivantlou. The flow diagram is 
divided Into a data objectprovibarpsil t and a user part 2. 
[8036| i« ihe data ofojeot provider pad 1, a data obja« 
34 is created by an author. Ttie data objec5 can consist 
^' of digital data, ana-op: data or a combination or hyortd ot 
analog sod dlgiiai uata. The primary difference tsatwesn 
analog data oojsots and digltai data ot>jects m the means 
for storage, transfer and usags. 
((503?) The author sfso determines the conditions 42 
is» for ths usage of the data object 24 by a user The data 
object 24 and the usage condition* 42 are Input so a data 
packaging program tg, which creates a secure data 
package 40 of the data object and of control data which 
are based on the snout usage conditions 42. Once pack- 
s' agsd in riiss way, the dasa otsjsct can only be aecsssad 
oy a user program. 35. 

[30383 Th® data object may be packaged together with 
a genera! set of centre: data, which Is the same for ail 
users of she sata oojeci. This may be She case whan the 
as data object is » a resaiisr or a buiieiln board, where- 
from a usar may obtain It The data object may also be 
packaged as a oonsoouence ot a request f rom a user for 
usage of the data object m that case, the package may 
include contrui daia which Is specifically adapted to that 
■*n user. Tills eoetatf data is caned a user set c? eomrot data, 
ft may for example comfjrlse ths number of osages pur- 
abased oy the usee Typioaiiy, the user a et of control date 
wlit be created on the basis of the general set of controi 
data and include at isasf s subset thereof. A user ss- of 
■** coasro; data need not always be adapted for a specific 
user, All ssss of control dasa which are created on the 
basis of a general set of control data wilt be oaiied a user 
set of controi data, Thos, a ssi of coniro! daSa cat; be a 
general set In oris phase and a usersef in another phase. 
as [80333 Tno above -mentioned data packaging cars be 
carrsed oof by the author himself by means ot the daia 
packaging program • 9. As an alternative, the author may 
send his data objeci to a oroher. who inputs -he data 
object and the usage conditions detemti ned by the auihor 
55 to the siata packaging program 19 in order to create a 
secure package 3, The author may afso sell his data ob- 
ject io Site broker, in that ease, Ihe broker probably wants 
sc apply bis own usage conditions to the data packaging 
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program. The author may aiso provide the <te oujeeurs 
a ssears package to the omfcer, who repacksgestfte dais 
object and acids tuttfwsr conirot oasa which js relevant so 
ttis business actMSes. Various combinatlofss of the 
abovs attsroattves at* asso conceivabia; 
1,0640] iti tna user pan: 2 of i:hs flow diagram ins secure 
package 40 ® received by a sjser- who must ijsethe user 
program 35 m order to unascKsgs 8te secure package 
40 and: obtain $rm o'ara object ir- 3 finat tonTi SO for usage. 
Attar, usage. me data object ;s repackaged Malm secure 
package 40. 

JS041 1 The different pads of the system and the dff?*> 
em steps of ths rnsshod, according to ths invention »i 
now tse d-sscrlbed in mors deia«. 

The dal& pmvidar's date processor: 

[0642| Pig. 2tss sysfen? block diagram of a dsjta object 
provider's <$m processor. As mentioned above, the data 
odisct provider nay bs art- author of a data ooject. m 
owner of a data object, a broksrof a das a object or anyotsa 
s&a who wants to dsstrt&uts a data ofe|sct. while retaining 
•ha eontroi o? lis ussgs. The data processor is a general 
or special puspose processor, preferably with network 
capsbiittiss. it comprises a CPU 5 P. a memory i 1 and a 
network adapter 12, wh;ch ara interconnected by a Pus 
13. As shown in Fig. 5, ■other 'conventions! means, such 
as a display i 4, a keyboard 18, sprinter 16, abuikstorags 
device 1 7, and: a FlQM 1 8, may also ba connected so ths 
bus 13. Ida memory 1 i stores network arsd telecommu- 
nications programs 2 f andan oosratinp system (OS) 23. 
Alt ths abova-rrteritoad elements ars well-known te she 
skilled person and commercially avaiiaPie, For %&pw> 
pose of the present invention, the memory 1 1 aisessorss 
a data packaging program W and, prefera»fy- : a database 
SO irtfsndad for control dsta. Depending upon she current 
operation, one or more data obieas 24 oars be stored in 
ths memory ft as shown or in ths p<j!k stonsgs i ?. lbs 
daia provider's data processor is considered securs. 

Ths Data Packaging Program: 

£0043] The data packaging program 1 8 is ossd for ers- 
ating cor ttrol dataforoontroiiing ine usage of a da-a object 
and for packaged the csa^a obisc; ano ihe control oata 
into a saeo re package. 

10844] .As shown in Fsg. 3v it cornprisas a program con- 
trol module 30t< a user interface module 302; a packag- 
ing module SOS, a control data creation module 304, en 
encryption module 365; oris armors* onxBtinodulgs 368. 
and one of mere security modules 30?. 
C004S] Ths eontroi mco'iJie 30 • conf rois ate ejection 
ofthe otharmoduias. Tde ussrintstfao^modyie 302 ban- 
dies interaction wsih she sfata cbioci prov;den The pack- 
aging modnia 303 pacKagss ihacofssrol data andshedata 
object, it uses ths cootros data orsation modnss 304. the 
format rnodsjies 308, the secorisy modutes 307 and ths 
encryption modaie 305 as v^iil oa dsaoilbed more in detaii 



below, 

[00483 Ths format moduies 306 comprise program 
cade, w«ch is required to handie the dasa objects in their 
native format, Theycsnfu^itunctionsswcriasrfstactjm- 

s pressioij and data conversion. They cars he i-riplerns^tsd 
by any appropriate, commemfeSy avaiiaPie progrgm, 
such as by sriaans of a routine from she PKWABE Inc. 
Data Compression tiorsay for Windows and ihe Image 
Aschemy packagf; from Handrnacss Software •ncorporat- 

'« ed, respective iy. Tbgy can also oe srnpiemensed hy cus- 
tom designed programs. 

[0047] The security srsoduies 307 comprise prograsv; 
cods rsqutrsd to imptomrtt secuhxy. such as mors so- 
phisticated encryption than what is provided by- the en- 

rs cryption modufe 305, authorisation eiooritbms, access 
centre; and osage eontroi, above and bcyoed the basic 
security wx&fm in the data package. 
{0048] Toe packaging program 1 S can contain 
many MmMtWGS of both format and security fwoflutes. 

^ Ths program control moduie 30'i applies ma format and 
security modijies which are requested by the data pro- 
vidsr. 

[004^] The sncrypCor • module 305 may be any -appro- 
priats. oomsTiCi-ciaiiy avaiiabse moouie, soch as Ttie- 

ss Crypt ■ Vises- Basic subprograms found in Crescent Sofs-- 
ware's QuickPak Professionai for Windows - FILE- 
CRf'T.BAS. or a custom dasigoec.1 ancs-yption program. 
(0*58] The corsiroi daia orsation module 304 creates 
the control oasa for controiiing she usage of f he daia oh- 

& ject. An essampie of a centres data sir cetera will be de- 
sosibed more in detail below, 

3$ [0051 j Ttse ooi^roi data can be stored in & header f:ie 
and a iisago data fits. In a prefarrad emhodimsnt, the 
header Sfie comprises fields to store an object idersliher. 
which uniquely identifies the oomroi dsta and/or iss as- 
sociated dasa otsiect, a tlsle, afomsai oode, and a. security 

*? code. The format code rosy represent the fonnat or po- 
sitioEs rsf lioids in fhe usssgo data file. A-tsmaslvaiy, ths? 
tonrtat code may qeslgnata one or more format modules 
to bs usee! by fhe aa'a paoKsgs^g progrsm or she user 
program. The security code snay representee encryption 

■** method ussd by the encryption modute 30S or any sscu- 
rrty module to be used by ?ha dasa packaging psograr-? 
and ths user program. The header file fields wsii bs rs- 
fsrred so as header aiemesits, 
[0052] The wsage beta file cosnpri&ss at least one field 

as for storing data which oonsrois usage of the oasa oojeot. 
0 he or ■mors usage data fields whiah represent one com 
dision for fhs usage of the eafa ob)eci will be rsferrep: to 
as a usage eiasrsent, lo a preferred amPodsrneai, each 
u sage e Isme at is rjsfi ned: srry an ids ntif is r field . s . g a serial 

55 number, a sks Hold, which specifies the size of s he usage 
element m bytes or in any other appropriate ■way. and a 
dssta field 

[O0S3J The header eies^ents end the usaoe eiesnents 
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m control elements which coram! aSi operations feiatjng 
to the usage of she object. Tns number of somroi sie- 
rnents ts unUmtted, The data provider my oeBrsa any 
riistttt of oontroi sismsots So repfssestt nfe predeter- 
mined conditions of usage- of the data abject. The only 
mmsm is thai the- dais packaging program 1 3 srtd-tns 
user program 35 must have e^spattbla- program cods so 
hsndie ail fits- control elements. Ibis program cods re- 
sides in the packaging'rrsan'uts arid the usage manager 
moduie, to be described bssovv. 

Conirofeisn-ientscaneontaln data, script orpm- 
gram code which is executed by ma user pr ogt am 85 so 
control usage of ins reiated data ooject. Script and po> 
.gram. coae can contain conditional statements am* she 
iif® wbSen. era processed w;tr> the relevant obieet and 
system parameters on the user's data processor. St-would 
also be possible to use a control element to specify a 
specific proprietary user program which caa oniy be ob- 
tained from a p&tiaiW broker, 
IpOSS] it is svsdsn- thai tns catml data structure ds- 
scbbedabove is-fcsjtOfieex&mpJe. TheconttoS data struc- 
ture may be defined in many different ways with afferent 
control elements, for example, the partitioning a' -ha 
ooatroi dam in header data abd usage data is not mart- 
oatory. Pijrtoofrnore, the control aismsrsts mentioned 
above are but examples. The control dais ttxtmt may be 
unique, e.g. different for different dam providers, or ds- 
fined according to a standard, 

10058] Its o op oratsc n o? a fast ernoodiroe rtt of the data 
package program m now be described with reference 
to the biock diagram of Fig. 3 and the.iiow diagram of 
Fig. 4. 

[0»fT?| Firsr a data provider creates a data object ana 
saves it ta a fife, step 401. When the data packaging 
program is- started, step 402. the user interface module 
302 prompts she data object provider to input, step 403, 
ere header information consist^ of e.g. m ofeiecr RJ«o- 
iifrsr. a iiite of tire data object, a fanTiat coda spedfying 
any format moouie to be used tor converting ihe formal 
of the data object, ana a ascurity oods spaoifying any 
security module so be csad for adding tuaher security .to 
ins data object, Furthernriora, ths asor inserfaoe rnoduis 
302 pforrspts the data obisct provider to i-'spta usage in- 
formation, a.g. bis condiiioos for ate risags of tna data 
object. The usage information may comprlsa ins kind sf 
user who is eoihorised to i»e the data object, the price 
for different sages a? the abj-aot etc. The- fteartef infor- 
maiion «ad me usage informafioh. which may be entered 
in riie form a? predetermined cades, is then passed to 
the control moduis 301, which caiis the packaging mod- 
ule 303 and passes ths iafon-nahon to ir, 
l<mSl The packaging module 503 caiis the control da- 
taorseviion medals 304, which first creatss a header fits, 
then creates header data an the basis at the header its- 
■fcifoafloh eraered dy ihe dssia clsjeot provider and finatiy 



stores ths header data, step 404-405. Then a usage data 
fits is creatad. usage- data created art tne basis of trie 
usage ihformaiian entered by the data provider; and fi- 
nstiy tns usage data Is stored m the usage ma his, step 
* 406-407. 

(0858! The packaging mosufe SOS tnen apptias any 
torrn&t and security modcies 308, 30? specified in the 
header file, steps 408-413, to the data object, 
[06802 ^«5«> '8>e pactcagifig raodaie 303 concatenates 

?f the usage data file arid -he da-ta object and stores the 
fssstias a temporary fise. stop 414. The packaging mod- 
ule 303 calls the encryption rnoduie 305, which encrypts 
the temporary tiis, step 41 & Tna tevei of seearlty wlfl 
dapend: somewhat on the quality of ;hs encryption and 

>s key methods used. 

fOftSIJ Finaliy, the packaging arodtiia 303 enneate- 
nates the header file and the encrypted terr-porary fi-e 
and saves the resufi as a single fife, step 418. This final 
hfe is the data package which may >x<*< be distributed by 
tits transterover a network, or on storage media such as 
CD-ROM or diskette, or by sores other means. 

[>;rnoa ; 

its I60S21 An exampfe of haw the daia packaging pregnant 
1 3 can be used will now be described with rsierence to 
Figs 5 ana s irt this ejtarnpis the data object proyxfer Is 
a computer graphics artist, who wants to distribute an 
image that can fee used as clip art, Put oafy trt a document 
& or 'lie which is packaged according to the method of she 
invention and whicrt has usage conditions wmch oto not 
permit funhar catting or pasting. The artist wants to pro- 
vide a free preview of the image. Out also mm to be 
paid on a par use basis uniess the user is witting to pay 
35 a rathsr substantial tea tot uniimrtsd use. The artist wifi 
hanots payri-ent and usage authorfeahon on a asal-up 
line to fsls data processor. 

[»Q63] The artist uses some image creation apptica- 
iksn, such as Adotse's Pi-otorrhop to creaie his image . 

«» Trte artist then saves the image to fsss in an appropriate 
formatter distribution, sruch as; the Grapiiksif interchange 
Format fQIFf. The artist then starts hie data packaging 
program ana enters an object identifier, a title, a format 
code and a security code, which in trtfe e»ampte are 

*t '•r&ssmr. "image". "a", and "b*. respsctivety. in this 
exampte, the format code "a" Indicates that no forma* 
cods need fee applied, ana this cads Is ssisctsd stace 
the GSF forma: is appropriate and already compressed, 
Furthermore, the security code V- indicates that no se- 
curhy rnodute neect be applied and this ooae is satecfad 
since the security achieved by the encryption performed 
by means of the encryption moduse 305 is considered 
appropriate by the artist, 

[06842 Then the arSst enters his dtai-up phone number. 
45 his price for a rslngfa use of the Image and for unlimited 
use of the data object, a code tor usage types approved, 
and for number of usages approved For this purpose, 
the user interface module 302 may display a data entry 
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C80S8] &4\m, another- srnbodlrnsnt of the data pack- 
aging program igwHt be described with reference to Figs 
?«"!2b. In this example, the data object consists of a video 
tiire. which is created by 8 f8ro company and sent so a 
broker together w8h the predetermined conditions 42 for 
usage of she video. Tbe broker loads m video 24 to she 
bu& storage 1 7 of bis data processor . Then, ho .uses his 
o'aia packaging pro-am }9 to crests a gerssrat ses of 
centra} data 50 based on the predetermined ccnxMnns 
42 for usage- m&emt by tfts f llnvsompsrsy. Furthermore, 
the adaress so trie vfcteo m the buitc storage 1 ? Is stored 
in as address table in the control database 20 or some- 
where eiss in the memory it . ft miM aiso be stored in 
tae gssierat sat o! ccntr oi data 50, Finally, ifta general est 
of control data 50 is stored in the control database 20. if 
couid aiso be scored somewhere else if: she memory 1 1 . 
After these opinions, which correspond to steps 
401-407 of Fig, 4. she data packaging program is exited 
l&mi Fig. 8a warn, the §sr»eraf sat of control oata 
for she video eocoro5rsg so this exampie. Hers the consrsi 
beta Includes an identifier, at ormat code, a security code, 
the rasrr»ero?us»o#«iemeftts,tnesize of the data object, 
the sfce of the usage-etements and two usage elements, 
each comprising m identifier field, a sse ftsfd and a oata 
field. The identifier may be a unlqae number m a series 
registered, for the particular broker, in this exampie, the 
identifier is "i 2345S7S9" : the iotrmt code "001 0", which, 
irt th:s ©cample, indicates rho format of a AVi video and 
tne security code is "001 9'. Furthermore, tne firsr. usage 
element defines the acceptable users for m video and 
the second usage element data defines the number of 
vis wiogs of the video purchased by a user. The first usage 
•element data is t swiicMortfie purposes of ibis-example 
wiii signify that orsiy education oriented asers are accept- 
able to toe fiinv company. The oata fleid of the second 
usage element ciefei is empty, since at this ssage no -s 
ings of 8\e vioao has bean purchases. 



MMSim.^^.l£§swfer: 

[OO?0| The broker warts to sransferctsta objects: to us- 
ers sod srispis controiied usags? in return for payment of 

s usags fees or royalsies, Mansgif-g the bfoker-oser busi- 
ness fsiatiorsship and nesohaslrsg the transaction .be- 
tween the broker and the user can bom be automated, 
and ihe control siata sf ructare cats; provide unlimited sup- 
port so trtese .csperafions. The payment can be handled 

?« by fransntiftirsg credit card Inforrrsasion. or tise user cars 
have a debit or credit account wltn im broker whten is 
password aotivaied. Prateratoly. payment should becosv 
firmed befon; foe date object Is transferred to the user 



|00?1| When a user mm to use a bata obiact, he 
consacte the broker and requests authorisation for tssage 
of the bata object. When the request for authorisation is 

& rscsivsd in the brokers data, processor, a data program 
compares She usage for wfjfeh authorisation Is requested 
with the usage centre! elements of the eomroi date of the 
data object to see if tt complies wish she predetermined 
conditions for usage indicates therein. The eorripansoo 

is» may Inciude comparing the user type, she usage type, 
the number of usages, the price etc. if the requested us- 
age complies wish me predetermines conditions she eu- 
tfwraaiiw is gfartasJ, othervviss it is resected, 
P?b?2] Fig. 9 is a. eata f tew .diagran of the data pack- 

& aging on she broker's data processor, which occurs in 
response to a granted request fron's a user tor auiftorisa- 
rion for usage of tne video. ClO. e gmnted: .request forthe 
purchase ottwe \'iewihqs. 

[{fb?3] irs response so a granted request, the broker 
again applies the data packaging program 19, Tim gen- 
eral set of oontfoi data SO and the data object 84 are Inpus 
to tire prog ran; from She contt oi database 20 and tire bulk 
storage 1 ?. respectively, The program creates a user set 
sf control dasa 80 en she basis of the general se; of control 

■*s data: 60- and concatenates the user set 80 and the data 
object 24 to create a secure dasa package 40, which may 
then be transferee! to the user by any susabie means. A 
copy of tne user set of contra; data is preferably stored 
in the broker's contml database. This gives the broker a 

■** record with which to compare subssqusnt uss, e.g. wnen 
a dlai-up sa rsquimd for usage. 
(8074] Pig, 10 is a fiow diagram of an essmpla-y pro- 
cedure sjsed for creasing a user set of oonsrot data and 
for packaging the user sat of control data and the: video 

ac into a secure passage. Here, the -procedure vvltl ce de- 
scribed with reference io the genssai sat of contml data 
shown In Fig 8a. 

[00?$j The user set of control data SO, La. a set of 
contros data which Is adapted to the specific user cf this 
55 example, is created In steps 1001-1 003 of Fig. 1 1 . First, 
the general set oi control data 50 stored ;n the control 
datacase is copied to create new control dasa. step i .00 1 . 
Second, a new identities here : 't 23458790°, which 
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uniquely idenstfiss she user.se; steam* data. Is stored 
'whs xtemSteth&a ot*he rwawoomw cftna 60. s'ap 1002. 
Third* m daia fiekS oi trsa saeomJ usage element is up- 
dated wish tne usage purchased. >.e. m this example with 
two, since two viewings of tha vtdso wets purchased, 
step ■1003. 

£0078} The tPsjs-creaied user set afeotsroi ciaia, which 
corresponds so the generaS set of control data ot Rg; 8a 
•s shown irs Pig. fife. 

|C0?7j Ttis user set of comroi dm is stored m the con- 
tra: datgiaase 30. step 1 004. Then, me video, wnteh is 
stor&d in ihe bulk slorags 17, is copied, step 100S, Tne 
copy of tha vidso is concatenated wars the user sat of 
control dasa, step 1 008 . The securitycsda 001 0 specifies 
that «vs enm data package 40 <s to pe enctypsed and 
that tne usee program 35 must contain a key which can 
da applied, Accordingly, she whofe <tm package ss en- 
e;ypteo, step ISO?. Finally, ins encrypted data package 
•s stored or a storage medta or pssssd to a network pto- 
gram, step 1008, tor further transfer is tne user. 
£6073] Fig. 1 1 is a memory image ot ti-s video 24 and 
tne user .centres m& 60, T-he user control data ana a 
copy of She video 24 are concatenated as shown* In Fig. 
\ 2a. The sftcwoa dasa package 40 1$ mem In Fig. 1 2b. 
£6879] The proomim of Fig. 50 can fee smpsemented 
by the data packaging program of Fig. 3, As an aiternaSivs 
to ttte procedure of Fig. 10, s:ha user sat of control data 
can ba created as in steps 1001-1003 and saved tn a 
heaa«r file and in a usage data file, whereafter steps 
408-4 1 6 of »>e date packaging program of Rg, 4 can Ds 
performs^ so &m& the tecum package, 
[OOSQ] The above-described prcmssfor creating a us- 
snadaoted set of control data may ma de used by a 
user who wants tcs feoistrlbttte a data object or by a broker 
who warns to distr louse the dais ooject so other brokers. 
Obvioasiy, mcfistribulioa of tne data objeas reguires that 
redistribution is a usage approved of in trse control data 
of shs data object, if so, she user or she profcer creases a 
user sei 0? coraroi iMa foy adding new contra) eisr nanss 
and possidly changing the data fleids of old control -ste- 
mentto- rafia«a ttts f«iatbn fsetwaan iha aaihor aad -ha 
ourrens aser/droksrand bssween she cwm ussdoroker 
and tne future usar/brokar. In this way. an audit srai: is 
crsesod. 

B!!r.M';?C'L*i*di_ pj^cessor; 

£8081} The user's o'ata procassot, wiiioh Is siwim In 
fig, 13, is a genera! orspecia; purpose prooescor, praf- 
as-aaiy with network oapadiiihas. ff fjompfisas a CPU 28. 
a memory 2S. anb 3 nstsvork adapier 27, wnloh ara in- 
teajonnaoied by a bus 38. As shown in Fig s3. ofhar 
coovensiooai means, soon as a display 29, a keyPoarb 
30, a printer 31 . a sonad system 32. a &<M 33, and a 
Ouik storage device 34, may aiao b» connected to iha 
bus 2&. Tbs memory 28 stores rsewwk and isiecormw- 
nscefions programs 3? and en operating sys-eni (OS) 38. 
Ai! tia abeve-mensioned eiemeafs are wee-known to the 



skiiied pereon ana comnierolaiiy tmmte. For the pur- 
pose of she prassnt snvantson , the memory 28 siso stores 
a user pro-am 35 and. preferabiy, & database 38 irsensS- 
eci for the eontroi data. Depending upon tne currant o$>- 
s sratsoii, & data paefcaga 40 can be stored tn she msfrsory 
26, as shown, or at the fcuw sforaga 34. 

!Mjr:§^.szssim; 

?» £ftS8g| The user program 3$ e&mrois the usage of a 
data objsot In aoooraarica with toe ajntroi data, ^fpioh is 
included tn the data package toge-hsr witn ihs da-a ob- 
ject. 

[S883| As shewn in Fig, 14. tha user progr&fn 35 txm- 
>* prises a program centre; moduie 140? s user interface 
module 1 402, a es.xga manager rneauia 1403, a eoniroi 
data paraermoduSe i 404, adectvptton mociuie 1 405. cue 
or mora formai modtiiss 1 408. one .armor® security mod- 
uias 1:497, and a 'tie transfer p;~ogram 1 409, 
fS0$4] The control meriuie 1 *Qi controls the eKeoution 
of the othsr modules. The user interface motiuis 1402 
handies Interactions with tne user. Tne usaas n-ssnagar 
moduie t 403 iinpaokages the aacure package 40 . it uses 
the consfp! data parser module \ 404 , the decryption mod- 
ss am 1 40S, f:he format modutes 1 408, and t ha saoumy me-ii- 
nies 1407, 

£8(J8S1 Tne farmar mociuiaa 1406 comprise program 
code, which is necessary to handis the data objects in 
their native format, such as decompression and data tor- 

& mai procedures. The security mocsufes 1-40? conipnses 
program coda reouirad so implement security acove -he 
tewesr iev<;i, such as access controi, usage comroi and 
mora sophtshca-ed dectypsion Shan what is ptovided Py 
tne basic decryption medusa }485. 

as £QG86j T'he user program 8 S can contain many difterent 
types of notnforroKi and security mcduies. However, they 
should ba eompiafnenmry witf; the -format and security 
modules used in She corresponding data packaging pro- 
gram:, Tha ijsega manager module 1 401 applies tS;e tor- 

■*n mas artd secohtv moduiee which are necessary to use a 
data ontect -and which are specifier! in iis ■controi data. ■? 
the properfom-iat and security mpduiss are not avatiapie 
for a particular data object, {he usage manager modoie 
1401 wiii nor permit any usage, 

•** |8Cf87] Tne dacryption moduie ;40tj can Pa the above- 
mentioned FilaGryp? Visuas Basse subprogram: or seme 
oilier epnimsroiaiiy avasaplis decryption pmgmm.. St can 
also be a cusie-m designed daesyp-icn moduie, Tha cniy 
reashoticn Is thai the depiypiten module used in she user 

as program is corRpfemsntary with the encryption module 
of the deS a packaging program, 
fjXi£8] The oontroi data parser module 1 403 performs 
She nwsrss process of She contra* data creation moduie 
304 in Fig. 3 

i5 Tne user progran; 38 cm have cede which can- 

trots use of She prpgram by password or by any other 
soitatjia rnett?od. A password may oe added in a ptsssr- 
word centres etement during papkeginp 0? she data opject. 
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Tm pmamts is frartferred fotfce user fey registered rem 
or in any other appropriate way, m response ■ to the pres- 
ence of the password control element in the control date. 
strue&SB, the ussr program prompts the user to input the 
password. Trie input password is compared with she 
password \n the control data, sod $ they maters, the user 
program continues, otherwise is is disabled. 
f0098| The user program 3Scan also have pr oosdures 
ssihieh after the bersavksr of the program (e.g. provide fil- 
ters for children} according so the cort&ot data of the user 
object 4 1 . Sr. is important to melton tnaf the user program 
35 rtever stares she c-jsject m native format m user aecss- 
8»i« storage arid that during pispiay of the dats object 
•ho print screen key is trapped, 
|0SS1| The fiie transfer program 1 408 tm transfer and 
receive fiiesvie network toand froroolherdata processor. 
(0032; Sifice me data obiest :s repscKagsb intc she se- 
cure package after the usage, the user program sheuia 
also iisoiude program coda for repackaging the date ab- 
ject The program code eosiid he she same as shat used 
in the corresponding datapaekegingprogram i &. ttcouid 
ojso bo a separata program which s osifsd torn the user 
program. 

£00931 The operation of as srooosifnem of the user 
program 35 vsiis now bo described with reference to -he 
block diagram of Fig: 14-arsd the flow diagram of Fig, IS. 
£60842 BrsJ the user receives a data package 40 via 
fiie wan#erovef a network, or on a storage media such 
as C&-RQM or distsfte, or by any other appropriate 
moans, step 1501, Ha tf»rt stores the data package as 
a fiie on his stefts processor, step 1502. 
|"009S| W h a rs the user wa sits to use the Para object fie 
starts hie nser program 35, step 1503. Than ha requests 
•jsags of tm date object, step 1504. The request is re- 
ceived by she user trwfaca wxJute 1402, which notifies 
the centre! mobuie 1 401 ofthe usage request. Thecorrtroi 
module 1401 calls the uaage manager module 1403 and 
passes the usage request.. 

|0888| The usage manager mopuis i 403 reads tine far- 
mot cods from toe data package jo determine the coi •troi 
data format, Then it caiis the encryption rrrodufe 1405 so 
decrypt ano extract toe control dsfa from the data pock- 
age. The usage manager moduie 1403 applies the de- 
ception moduie 1405 Incrernsntaify to decrypt only the 
centre! data. Finally, St stares the corsfro! data m niemory, 
step 1S0S, 

|OW?| Thoueage manager modtiie 1403 sheocaiis the 
centres date parssm-fOduts 1404 to extract tha basa fieids 
from the osage elomonts. 

£80381 The visage rnarsago; oio^sle 1403 then corn- 
panes the user roqo'sst for usage w?;n tho eorresponding 
corftmJdata. s!eps 1506-tSO/. if She fsonested usage is 
not permitseb in the oontfoi data, tsbe repuested osaga is 
disebfed, stop 1S0a. Howsva'r. if the requested usage is 
approved of in the cont roi data, the osage manager mod- 



ois 1 403 appsies any fosmat and secure modoies "t 406. 
1407 .specified in the header sate or usage data, steps 
1S09-1S14. to tho data psok&ga, 
[00SSJ Then the usage manager module "t 403 oaiis ths 

s desrypitort modote 1 405. whioh decrypts the ssbjera data, 
step iSis. whereafter she requesfad ysags ss enabiedi 
stsfi tSig. ^ oonnecticm miii the enatsling of the tjsage, 
ihecos-itroi data may. need to ba updatsd, step lot ?. The 
eons©! date may for instance comprise a data fiatd indi- 

?» oafisig a iimit ed number of usages, ff so, this data field is 
decrementsd by one in response to the snapiing of the 
usage. When the user has finished usage of she data 
object, tha user program 35 restores the data passage 
in the secure form by repackaging ih step 1St8. Mots 

>s parttsdiariy, the data objaot and the usage etemsrtts ara 
recorscaSenaied and rfsensrypEed. Then the header ele- 
ments ara added and the t hus-oreated package is stored 
in the jssers data procesisor. 



10100] A spacifs? s-xampfa of how the riser program 
operates wiii now be described vwfh reference ;» Figs 6 
ana IS, The exampss ts a continoation of Eitampia t 
;s> above, where an artist created an Image and ssof: it to a 
huiietin board. 

101Q1] Assume that a user has found the image at: an 
eiec; runic hiifehn board (88fe) end is intresteb ai usirig 
it. He then toads toe data package 40 containing the sm- 
a? age to his data processor and stores ft as a file in she 
tsu8c storage. The user men executes the user program 
35 and requests to preview the image . The user program 
than parforrm steps fo&S-tSO? a! the now diagram in 
Fig. 1 5. Ttie request for a preview of the image is com- 
as pared with the data field at tha usage Siemens "cube for 
usage type approved" . in mis esrampie, the sode des- 
igftafes that previews are permitted, Thus, the requested 
preview is OK, Then, the user progranvss performs step 
1809-1515 of Fig . 15 Since fiie forms; code 'a* .and She 
security code V a? tha header data indicate fhat nether 
conversion, nor decompression, nor security treatmeft; 
is reariirab, the dset program only decrypts the objsct 
data. The usage manager moduis '•403 then oisplays 
the prevsew or* she user's data processor and passes 
•** control Pass So toe user interface 1402. 

[81021 Wher> the user is fished previewing the image, 
tha user interface modnis 1402 displays the costs for 
usage of the image in accordance with the price usage 
data of the controi data {"price for single use' 1 and "price 
as for ijoiimired use" in Fig. 6} and prompts the user to enter 
a purchase request. The user decides to buy unlimited 
use of the image, and the user interface module 
inputs purchase information, such as an Ibemificaiion, 
Pitting, end address for that: request and passes toe re- 
55 quest to the centre! mediae 1401, The contra! module 
caiisthefiiati^nsferprograp^ao^wbschdiaUthearflsrs 
diai -up number as indicated in the usage data ("Controi 
element forartisfsphesie ndmPer" in Fig. 6; andtransiers 
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the request sncJ pLss-cns.se intonation to a broker pro- 
gram on s:ha artist's data' processor. Upon approval ofths 
purchase, the Profcer program returns a fife eoniairiirso. 
an upoare for "usage type approved* control elements. 
The updase is '"iO" tor tne usage type approved, which 
In tn!:s scampi,-? indicates ihat unlimited us-s by that user 
is permitted. Ths ?8a transfer program 1408 passes thss 
update so the usage manager module t4t»S which up- 
dates tfte control data with the "wsage tryps apps-oven'' 
code, The user interface module. 1402 ih«rt displays a 
•«ssifimratton message to tte user. 
pi03} Su&seouemiy, the user *nertaee module inputs 
a ratinest to copy r.he image to a ffte packaged seconding 
10 th«s invention, on She users mscnina. The usage man- 
ager module then compares the user request control da- 
ta. Jm usage manager module examines the data filed 
far "usage type approved*., write* now is *i o\ ix& usage 
manager module copfess the image to the fits. 
[0104J men ffte- user is finished with the image, the 
usage manager module 1403 repacKaoss she Image as 
before except with updated costroi data. This repackag- 
ing process is exactly ilka that shown in Fig. 4. except 
• hat the baederand usage data already exist, so the proc- 
ess stasis -after step 406 where controi data is created. 

|01 85] it the data object provider wants to impr w ■ ha 
security of a data package containing; a data ob]ea; a 
seourtty module 30? containing a sophisticated encryp- 
tion ssgomfcrn suoh as RlsA, eoutd be used, in that case 
ths packaging module 303 callsihe security msduie 307 
In step 412 at rhe fm osagram of Rg, 4. The security 
modus® e,nen/pts the image and passes a security algo- 
rithm cede to the control data creation module 302, which 
adds e control element tor the security module coda, 
which will be detected by the user program 35, That! the 
data packaging continues with step 4 :4. Whaa the date 
package is sen; to the user, the public key ss mailed » 
tna user by registered man. When the user program ss 
executed in response ;c a request for usage of This data 
object, the usage msnagermoduie will detect the security 
module code so tna control oata and call the security mad- 
use. This module passes control to the user Interface 
module 1 402, which requests the oserto input ths public 
key. if the Kay sscorraei, the user securin/ moduie applies 
compiemsmary decryption using that key and passes a 
usage approved messsgstothe usage manager module, 
which enables m usage, 

|0t 30] As another example of improved saosthty . a sa - 
ourlly module may implement an authorization process, 
aceo rd i eg to wh ion aach usage of t he Cat a ob lacS: requ i res 
a .dial-up tc the data processor of the data object provider, 
Wner: tne cot responding -securisy :T ; c>1uie cope is detect- 
ed by ths user program 35.. the relevant seoursty modnis 
Iscaiied. T'nls moduie passes e requsst tor authorfestion 
to the centre! moctuis 1401 , whsctt calis tne tiie transfer 
program 1 409, which diai the data object providers diai- 



up nyniPer, which is indicated trs a ysage eisrnam and 
transiers roquast for authohaation of usage, upon a 
granted autnorizaSors. the data provider's data processor 
returns a usage approved massage to the user seasmy 
s moOtffe, which forwards the approval t! tt;e usage control 
oiosule, wnich snacJss coo usage, if tne user rsguests 
further usages of -he tiata objact, the authorisation pmo- 
ess is repsafed. This procedures results in a permanent?, 
data oioject sacuhty. 

[StO?| A fuftfts r specific esampie of how the user pro- 
gram 35 operates wSff now be iiesenbed wtth reference 
>s to Fig, 18, The example is a oonfinuation of gxarr^te 2 
above, where a use;- purchased two viewfrsgs of a vicsso 
fiirr; frosT! a crofear. 

{81081 Tn® user wants to play the video which was 
purchased and transferred -rem the broker. The user ap- 
& pitss the user program So. step 1801. a no repuss's So 
play ifte video, step tOOf?, The usat pragrarn 35 first ex- 
amines tne user set of centre! dafaSD, step 1683. inthis 
example, She user program 35 coni&ins ttniy thttse forma; 
ano secuhty p-snduiss for adjects with fomiat code of 80 1 8 
its and with a security code of 0010. Consequent; y, nniy 
those types of data objects rnay be used. St the program 
acccursters other codes U wtis not enable the usage ac- 
tion, step 1804-1805, 

[StOSl Hsxt, sho user program 35 compares the first 
& corsttoi *iemem data which is 1. Sor educaiionaS users 
cniy, fc user informafiors entered by she user on request 
of the user program. Since tne user type entered by the 
user is the same as that inioased in the first usage eisment 
the process continues, steps th-38-1607 Then the user 
es program checks the second control eferasnt data which 
specifies mat the number of plays purchased is 2. Con- 
sequently, the usage is snabied, step 1803, The user 
program applies the decryption rnoouie with She universal 
key and the AVI forma; video is displayed on the display 
*5 unit 29. 'Then, the second control element data is decre- 
mented by or;e i stsp 1010 Finally, the video is rapack- 
aged, step IS? 1 

impien-ssntahors of Variable and c-xtansibia Ob{sof Car>- 
hi; 

[Cf 1 1 0] Osject controi is aehsavod thrcugn the interac- 
tion of the data packaging program IS and the usage 
program 35 with the eofflroi dsfa, variation of odiect con- 

■40 rml nan ne applied to a particular object by creating a 
controi data format with controi elements defining the 
control variation and She circumstances in which the var- 
iation is applied. Program procedures should than be 
added to program modules to process the controi ale- 

is ments. For example, suppose a broker wants to allow 
students So prior a particular article Sor tree out reouire 
business users to pay for it. Fie defines eerttroi elements 
so represent she usertypes student and possess and the 
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associated coats for msh hs men aads.prograrrs iegle 
to examine she usertype aride&Soyiate costs accordingly. 
Object control ts extensible in: the sense mat me control 
data ■format cso have ss many elements asthsrs are 
parameters defining the rates tor object oornroi. 

SftpSementatien oi Variable atsd gxEens&te Ot?ject Se- 

£tiii&; 

£011 1J Object security ts also achieved through the in- 
teraction o? the data packaging program t & aad the user 
program 3S w;th the control data. -Security process and 
sncryption/aacrypfion aigorsthnis can fee added as pro- 
.gram modite. variation of object security can oe applied 
to a psnscofaf object ssy creatine- a coraroi #m formal 
with eootroi elements defining the security variation and 
the eiisumsianc&s <« which the vaKSiiQP is applied. Pro- 
gram procedures should be- added to program modules 
B> process the coctroi elements. For esssropie, suppose 
a broker wants to apply minimal security so his eoifsctien 
of cumm news stixAm bos to apply tsgitf security to bis 
encyclopedia and tests books. Ha tisfinas a control ele- 
rrsara: for security type. He then auds program iisgfe to 
apply the security algorithms accordingly. Object sec urity 
is emnsfbte m hie sense that multiple ievete of sscurisy 
can be applies. The level of security wiii of course be 
dependent on 'he encryption/key method which is impis- 
meftted. to the security modules, Orse. ievei of security 
way ca to require online confirrnation when ioacfcig a 
oata o»ject to tne user's data processor. This can be 
irripiemsctsd m program code m a security module. 'This 
permits the brokerto cheek shas the object has not aireacsy 
aeon ioadoo as west as double -check ail other parame- 
ters 

12] ft is also important to have ysrs:ot> control with 
time stamping Between the usage program and the users 
controi database. Otherwise the database am be dupli- 
cated and reapplied to the user program. The user pro- 
gram can piece a time stamp in the centres database and 
in a hidda tj system m each time the control database ® 
accessed, if the time stamps are not Identical, the control 
database has been tampered wsm warn usage ts bis- 
abisa . PirograsTi cods tor fsaeriiing tiros stamps oao msicfe 
:r( a security srsodois. 

P113} A cotripoeise ooject can fee haiidisd by dsfiriitsg 
a oohtiof data format with confrci eiements defining re- 
larioasnips sjetween consrirLieni o&Jects and fey defining 
a parentfShiid eSemsfft arid a related objac; id etemerii. 
Forexareple. sijppBse a oratef waote so leoiiide s video 
sod a text book in an educations! package. Ha create* 
ts paroe; r>bjeci W«h control oiernefisa res'srring so the vid- 
eo ar«i Se>dbQ0k objects, i-le atso irieiiides control eie- 
tnersts in tee controi data for the video cbjsci and the 
textbook object riiferrifig to she parsr>t obisc-. Finally, be 
adds program procedures to orogran-t medciea to proc- 



ess ■m ccmrol eiemefits. 

|8114] m ottter words, wbso the data object is a eom- 
posite daia object indMtoQ at least two corssfifuent data 
objects, a respective general ss' of consroi dafa is created 
s foreach ct-the cotisiitwentdsi&otsisct and trie composite 
aata object, in rssponse to a request from a ossr, a re- 
spective user sat of co-ifroi data is created tot each of 
she oonssisuerti data objects as well as for the composite 
dam object. 

«» [&11S] Examples of various data package siruoturss 
for coreposfte objects are givers in Pig. t?. 
[01 1 6] Af»ther side of composite objacts is wmn the 
user wants to combine data objects for some particular 
use. Combination is a usage aotiou that most be petmft- 
■ ted in each constituent data ooject. A new data object is 
creates wisn camroi data Sinking the ooifsiitueet: data .ob- 
jects. Each, eonstsuem data object tm&m m originai con- 
troi dats wbioh continues to control its Bubseooent us;sge. 
(81 1 ?} When a user requests authorisation for usage 
» of one constituent data object in aoomposite data object, 
s user set of controi data is created only for that cooittis- 
uenr data object and corseatertstss oasy wstt-s a copy of 
ihaficonstrttient data ot3jsct 



[01 18] Tne tei&ie control data structures and modular 
progtam structure permit almost boundless e.xterisiblilty 
witn regard to irnpfor-nantafloc of the owner's require- 
so ments for usage conitol and royaity payment, 1'he control 
data, structure can- icoiada centres eiememstpreempfek 
uaertypes. usage types, re-jfripie biiiitig schemes, ertistlo 
or ownership credit requirements and others. Security 
moemies car? be irtciudea-v^tch'srssersct-wl}^ any variation 
ss of she controi date structure and the control data. Security 
modules could require a dial up to tne brokers eata proc- 
essor to approve loading or usage taxions and to Intpia- 
ntent approval authentication mechanisms. 



(S11S] a lasted or m implementation of the broker's 
cata packaging program can be impsemented on tne us- 
er's machine to permit further distribution or reselling. 
■** However, only those data objects with control data per- 
mitting further distribution or reselling are enacted in that 



$112®} An author of a data object may want to allow 
his origins: brosicr to distribute his data objec to other 
brokers whom wiii also distribute his image, He shen in- 
cludes a control element which enables rebrokenng ;n 
S5 ine control d;sfa before distributing ihs data obfaot with 
its. associated oontrof data to the originga! broker. Upon 
request for rabrokering, the orlgioal broker copies the 
general set at control data and updates the copy to create 
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ausersef of oomro^ata which wiiitimcBOR ast^s gsiisi-gl 
set of control steta on she subsequent brokers mm proc- 
«ssor> T he original broker packages me <sata op)e<3 witn 
the user set or mama date, and transfers the oacfcags to 
lbs subsequent broisef. The subsequent broker than pro- 
ceeds as if he wars an angina! broker. 

|0121 j This as an example ©f tt&ti the preKSetaiwiined 
oondiiions far usage included in the comroi csssa can be 
used for achieving automated ijsssosaclion n«gosiatiers, 
|Q122| Suppose some' company wnats to provide a 
computer automated stock trading. 8uy and soil ordsrs 
could be iflvptameoted in tfcs fcmt of data packages and 
a user program could process the data packages and 
execute transactions. Dais packages -coosd carry digits; 
cash and manage payroaftt based on eondsrioris defcnaa 
In the control dam 

1.0123] in this example, she auy order is creased using 
a data packaging progrsn t accorolng to the cnveraron on 
the ouyer's data processor . -The sen order « created us- 
ing the data packaging program on she seller's data proc- 
essor. Both orders are used by the the user program <#s 
the stock trader's data processor. The usages wen kt take 
the term of using a ssli ©refer data package to sell stock 
and a buy order data packago m buy stock The rules or 
conditions for buying and setting stocks ecu id bo indicat- 
ed in the consroi data of the packages. The data object 
consists of d:gttai snorsey. is this context it is important to 
mrmsm thai digital money s merely mx& wwch mr«- 
onKesreaiiiTioneyorvituairaoneyteatis issnadandnialtv 
tsiiiad for she purpose of digital transactions. 
{0184] in this example She buyer starts with a digita: 
money data «e. Ha uses ma data packaging program to 
oreata so ntro: data, e.g. kind of stock, price, quantity, for 
the purchase, and ha tr»n packages the digital money 
data .file and ins eoniroi data into- a secure package as 
described above. 

|8tZS] "The seller starts wish an empty data fiie. This 
ompiy file is analogous to the digita: money data fiis ex- 
cept it is empty. The seller creates control data, e.§, kind 
et stock, price . go ants?/, and packages she empty fife and 
the control data into a secures package. 
|<m§] Bosh she sail order package and the suy order 
package a re transferred 10 the data p roosssor of the stock 
trading company, where they are received and stored In 
the memory The user program of me stock trading com- 
pany examines me control data of me hoy and sell orcter 
packages in the same way as has been described above 
and looks for a match. Upon identifying matched buy and 
sell orders the user program executes a transaction, 
whereby fbs digits! money is extracted from the buy order 
data passage aridiraesfsn-ao' to too seii orgm' package- 
Then the control oata of She dafa packages is updated 
to provide an mm. am. Both packages are repaokafed 
in ths same mannat as Ynef ware pretriousiy packaged 
and ibeh tratisfs-Tsd oacK m their aotnors, 
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ptZ'ft The above deaori&sd taohnisius could bs used 
for sailing and S«y tag any ©sjeet as waii as for ayi:omatsd 
nsgotiaSions, Payment rosy be carried out in oiiter ways 
than by digital money. 

* [01 28} i a the generai case, the data procsssor of the 
user decrypts the usage cootro: sismsnts of ths user sets 
ef contra! data end examtass the usage oofitrof elesrteots 
io find a majots, fa response to she finding of a match, -he 
user's data processor carries out an action which isspec- 

?» Itied in she user set of comroi data. 



>* 1- A method for managing a data odjeot sc as to cornpiy 
wrt?? control condiifons for ijsage oi tne data objoct 
t"24n comprssifig ths steps of: 



storing die data object 1 24; in a memory desffce 
i j I ), whsta it is accessible by means of a data 
object provider's aafa processor i t 0); 
providing a vanafeie number of cam® (mat- 
tiotts tor usage st-the data object; 
providing, by said data processor tl 0 ?, a gsnsral 

as ssf a? cmiwi data (501 far the data abject (24j 

bassd on said variable number of control con- 
ditions for usage, said general: set of control data 
comprising at ieass one or more usage control 
sismeras defining usages of ths data object $245 

do v? bich comply with said var iabie number of con- 

troi condlficria, and an identifier which uniouery 
idanrifies the ganssal set of conta)i aara (5Q); 
stonngs&td general set o? control data {50) tn a 
memory device {11|, where it is aceessinie ey 

ss said data processor MO); 

concatenating [VMi] the ganorai set of control 
data iSOs with a copy of the data cshject {24); 
enorypring a 008) the copy of ths data object 
(24t ana said one: or snore usage coniroi els- 

■*o men's to create a secure da!a package wNc» is 

ready for transfer to a user, and 
creating a sseansy ecmrot efemsnt which re- 
quires that a user program must contain a spec- 
ifies key or password to enable decryption. 

2. A method for managing a data object so as to comply 
with predetermined conditions tor usage of the data 
object (24). comprising the steps of; 

as storing the data object- {24) m a memory rievice 

(i t), where if is accessible by means of a daia 
oojeet provider's data processor {tQJ: 
creating, by said data processor s10t, a gerssrai 
set of control data ;50) for tne dafa object based 

i5 on saia predetermined conditions for usage. 

said gee-eras set of contra! data composing at 
least ane or mora usage coniroi eiatneets defin- 
ing usages of the data object which comply wtth 
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■smd predetatmised cwaKiens; 
storing said gamm set of control data {SOV in a 
memory dewca utii wnera-8 is accessible by 
said data processor; ' 

concatenating ;r0O8) tte gsnsrst sat of control 
data {SO} with a copy of jhe data oPjact: and 
ancfypiing { -1003; a; isast the espy ot the data 
object (24s and said orte or more usage control 
atefnsrjtsto create a secure (tern package which 
is rsaay for mnmrta a user. 

3.. A srwjhcsd as claimed in Own? 3- wherein the step of 
snefyptiftg coniphses encrypting she data ooiect atta 
•me generai set sf control data. 

4. A method as claimed in Ciasrn .? or Oasm S. vvherem 

tna step of creating con-rot data ©owisss otastirta; 

an identifier which uniquely identities: tne genera! set 
of control data, 

5. A method as claimed in my sr Giants 3k>4, whamm 
ess step oteraatatg a genera* set. oteontrot data com- 
prises creating a seajntycomroi element whsch stan- 
litis® a sscufijy oracese to m applied bsfora usage 
of the data object is allowed 

6,, A nsmhod as claimed -e soy of Oaims 2 to 6, whceln 
the step oteraating a gees rai sat of control data cam- 
poses creating a f onrrnt central element which iden- 
tifies the fwrsat of ths somroi data. 

7, A method as cia-srosd m any -of Claims 2 to 8. com- 
posing the farther steps ot; 

ereahng : sh response jo a request for authoriza- 
tion for usage of tbe data object »y a ysar. a usar 
set of control data, which comprises at least a 
subset o? the genera! sat of control mx&. wsod- 
ing at teast am of sad asaga canted elements; 
using ths user sat of control data mstaaa ottos 
general sst of control data I?) said concatanasina 
step: 

using tna at feast one usage central element of 
the user sat of control data Instead of the one or 
mot© usage control elements ot the genarai sat 
of control data tn the encrypting step; 
checking, batons allowing transfer of m data 
packsga to ths usar, that said mooest for au- 
thorization for usage o! the data object has beer? 
granted, 

8. A method as claimed in any precedmg claim, feather 
composing the steps of receiving in said data proc- 
essor tns request: for authorisation for usage by a 
user; caropadng the usage for whien atsthsrizaiion 
■s raquessed with s«id one or mors usa^e control 
eiems«ts of ths gensral mi of eaoird data arsd grant- 
imp: the aumonsason if tbe usage for which aumon- 



23fion is :^qaestsdoompiies with the usages dsfinsd 
by said one or mm usaga control siomsnts, 

S. A method as claimed in Claim 8, further con-ipriaing 
s the step of securing payment tor the requested au- 
tharsatlorj t&r usags bsfara granting tne aythohsa- 
tion. 

10. A matnod as claimed m Ciaim S orCiaim 3 % whera;n 
the data mum is composes ot at least two constit- 
uant dais obiects and ^neratn i he user act o? control 
data, sn response to a request for aumcih^ation for 
usaga of one of said constituent data obsects dy a 
user, is ereasssd onty for that constituent data object 

: and ooncatenatad on v wttrt a copy ofth^ const i-oent 
data object. 

1 1 . A faathoa ae ctalmad irt any of Claims 8 to 1 0, whera- 
m tha data provscier's data processor is oorineotad 

^- to a data nenvofx and tna nsonast '"or aufhci^at'On 
fa receivsct from a aasa processor of me usar. w;)ioh 
is also cortnsaeo to the data natworsc furtner com- 
prising ttte sieo of transhsmng the data package 
though the data nesworK to the user s data orcoes- 
;is serr. 

ts. Ar^etnon acclaimed ■?} any otCtaims8ia i t.whce- 
irsf he data object is aeompossie data ooject including 
at least: two constituent data objects and 
>» wherein ths stao o- creating a generaf set of control 
data cenip nses tna step of creating a raspsoave ga n- 
arai set of conirot data for each of the constituent 
data objects and tna composite data obieot and 
wherein the step of creating a user sat of control aara 
cosnpnsss ths step ot creating a respeotr/s user-set 
of comn'jiciefaior each ntdhenonsthuem Oats obiects 
and the composite data object. 

13. A method as ciasniCd in any cf Claims 3 to 1 2, com- 
*? prising the f odhar step of stonng a copy ot tna user 

set of control da-am ma data objects provides proc- 
essor. 

14, A method as claimed in any preceding claim, cortv 
•** prising the f intner sf:eps of: 

race-virrg the data package in a user's 'data proc- 
essor- 

storing the data package itt a memory device 
-so where if is accessible cy means of the users 

data processor; 

decrypting aaid one or more usage control sia- 
menfs; 

checking, in response to a request cy tne user 
5* for usage of tfre data otslect. whether the re- 

quested usage compiiss with the usage defined 
by the at ieaaf one usage central element of the 
genera! set of control data; 
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sfcscryisiirsg, m response 'to the rsquestss usage 
complying with the usage dofinsa by the at least 
one Issagsi control element o? the general set of 
centra data, the dafa ©bjaet and enabling -he 
requested usags, otherwise disabling: it. 

IS, A rrsstel as; (Mm&H in any of Ostium Sto 13, com- 
prising the further steps of: 

receiving the data package ir* a user's date proc- 
essor: 

stom§ toe data package «t a manory device 

where it is aecesslbie by means of the user's 
data processor: 

decrypting the at ieast one usage centres >sie- 
msr* of-tfte user set of control dais; 
enecKsng, m response to a request by tfcs user 
for usage of fire data obtect, whether she rs- 

bytne a; least one usage comrof element of the 
usor sat: of cofisres; data; 
decrypting, in response in the requested usage 
complying ««m ihs. usage defined by the at least 
one usage oemr©! siemstii of me user setof con- 
trol data, toe data object an« eoahiiog. ton re- 
quested usage, oinerwlse disabiing It. 

18, A reetrsod as daimed in Omm 14 or Claim IS, com- 
prising the tnrthersieps ot njconcin coating, atterfns 
usage ot the data object, the data object and the one 
or mere usage control elements, reenoryprjng at 
ieast the data object: and she one- or mom usage con • 
tret elements, andsforlng m thus-repackaged data 
package in the memory ot the user's data processor. 

1?. A nierhod of confroiling the usage of a data object 
so as to comply with controi conditions for usage of 
■he o'ata nb;eet. where the data ob:ees is contained 
within a data package comprising said data object 
and a set of centres <sata, said m. ot oontr&s data 
comprising, as: least one usage control atemani: de- 
fining a usage of m data ooject mm compiles with 
control conditions for usage ot a data obiec;:. and 
said ear of control data comprising at least a controi 
data identifier which uniquely, identifies she .m. of 
controi data, and where the data pac-sage is secure 
as the data object and usage control elements of the 
set of control data nave bean enecystsd, me method 
eompdsing: 

checking, in response to a request by a use? tor 
usage of the data ofojera, whether the user pro- 
gram contains a key or password specified by a 
security controi nismont ot saio data package, 
and 

cheesing whether the requested usage com- 
plies with the usags defined by roe at ieast one 
usage controi clement of the est of control data, 
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and 

in response to the existence of she specified key 
or password, and in response to lbs requested 
usage complying with the usage defined by the 
s as feast one usage controi element of the set of 

control data decrypting the data object and en- 
abling the requested usage, or otherwiso cfea- 
biing if. 

18, A method for consroiiing the usage by a user oi a 
data object so as to compfy wifb predefefnisned con- 
ditions for usaga of fba data object oomprising ihe 
steps of: 

f» storing a data package In a memory device. 

Wh&re if is -acsessfote by means of a data o>f jo- 
essorcf the user, said data package comprising 
the Ms object and controi data^ which compris- 
es at ieast one usage controi eiament defining 

®> a usage of tne data object which connpiies with 

the predetermined conditions, ihe data ofjject 
and said at ieast one usage controi element ns- 
ing encrypted: 

receiving a request by the user for usage of the 
ss data object: 

decrypting the control data; 
checking, in response to the request by the user 
for usage of she data object, whether the re- 
quested usage compfies with the usage defined 
s> by the at ieast one usage controi element of she 

controi data; 

decrypting, in response to the requested usage 
complying with the usage defined by the at ieast 
one usage controi element of the control data, 
ss the data object and enabiing the requested us- 

age, otherwise disabling it, 

IS, A method as ciainted in Ciaim 18, wherein the usage 
ConSfOi sterner" is updated after the usage oh ihe 
*J data object. 

M, .Method as cisin-ssd in c-iain-. iSorCia-T ;y wha-s- 
ir> s«:d conrroi data comprises an ind'oehon o' the 
nunioer of times the use? t$ autnorsect to use tne 
*J data ob:sca in acco:-dance *tth sa:d rf 'east one user 
cotnro; eistT!:tnt: wiiarein ttse >'&quas;aa usage of the 
data oniect fs oniy enables when said number ot 
times is ons or room: and vsharesn sate number of 
times :s ceeremenfed by one when tne requested 
■S» usage -s enaoied. 

gt. A method as claimed so any of Claims 18 to 30 
wherein the controi date comorise a security ooreroi 
eiemenr, and iunher cor-nphsing tne step of carding 
out, before each usage of me data ofosea, a seoun-y 
procedure dehred :n the seounry controi eisn-ienf 

.22. A memod as oiaimad ir> any of Claims 18 to 2t , 
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wherein the step of checking whether trie requested 
usage complies with tha usage defines! by the at least 
one usage control element campuses the step of 
checking that the users data processor is capable 
sf carrying Oct the security procedure specified *s 
the security confttrf element of she user set of centre! 
data, smi if disabling the usage. 

23, A method as claimed in any of Cla&rss 1 3 to £2, com - 
ps-istfs g the iitfmf steps or reconcssenatirsg. altar fhs 
usage of {he data object, she data object and tnaoaa 
or mors usage control eiaoieras, reeoorypfing at 
ieast the dasa obscr and she one or more usage con- 
trol elements, and storing the thus -repackaged dais 
package m the msmory of she tigers eats processor, 

24, A system for m&nsgrrsa a dais, object (245 so as to 
comply with control conditions for usage, of me data 
obsaet. ; eofepdsing: 

means farpfovidiog a vahabte number of control 

conditions: 

first means (304! |« the sSata objea prowler's 
data oi-ocessof for providing a genera! set of 
control date for the data object based ors the 
vadatsie numbs" of control conditions for usage, 
ease genera; set of control dare comprising at 
feast one armors usage corstroi elements defin- 
ing usages of tne data onject ;24; which corop iy 
with the variable number of eorarcsi conditions 
•ana en MmMm which uniquely 'mtffim the 

general set of control data {SO}, 
storing means (i i), which era accessible fcy 
means a! said data processor, for storing toe 
general set of comroi data; 
security modules {,30?} for paff orroing tna secu- 
rity prooedur e defined by th e security control el- 
arrtent m she data object (24}: 
concatenating means for concatenating the 
general set of centre: data wish a copy ef the 
data object: and 

encrypting means (38St for encrypting the copy 
ef she date object and as ieast said one or more 
usage corstro} elements to create a sscsjve data 
package, which is ready for transfer to a user, 

wherem control elements within said general set of 
contra! data eonsroiiing usage of the data, object ■con- 
tain a security element which reqnirss tnst a user 
program must contain a specified Key or password 
tc enable decsyption. 

25, A system of controlling she usage ot a data object so 
as re comply wife centra:: conditions for usage of She 
data object, wnere the data sbject is cor -tained wiihln 
a data package comprssng said data object and a 
•sstc-fcomrotdata, said setof contmtdatacomprtelag 
at least ona usage control element defining a usage 



of the data object which complies with control con- 
ditions tor usage of a data object, and seld set of 
control data comprising at feast -a control data Iden- 
tifier which uniquely identifies the set of control data, 
s and where the data package is saeute as She .data 
object and usage control elements of the set of con- 
trol data haye been encrypted, the system compris- 

?e checking means for checking whether a near 

program contains a key or password sissecifiod 
dy a secu-itv' control a:emeni of tnesat o ; ooritroi 
data of 'he; o'asn package, end for checking 
wihasher a req;jest by a user for usage of the 

: data cbjecS compiles *(Sh tna ossea defined ssy 

tne as least one usage oontrui elafnens of the set 
of control data. 

decrypting and enabling means tor decrypting 
trte dasa object and ensbimg m rsguestad «s- 
age sn response to sne esossence ci me specked 
key or password mH whan she requested usage 
ccrnpiies ¥*>'!tn the osage defined sy the at least 
om usage control element ot the set of control 
data, anci 

;x» Oisabiing means for disabling me requested ua 

aga when the requas-ea usage dcas not comply 
wifhthe usage de'ined by me 31 least one onega 
contro; aiemers; of tne sat 0? confro! data, 

& 88, A sysseni for managing a oafa object so as to comply 
with psedetem-sirfed conduces for usage of she data 
object, comprising: 

first means in the dara object pfovlctar , s data 
;ks pj-oeessor for oraating a general set of control 

date for the dais obtens: based on the predets*- 
mftted oonditioRS for usage, said general eat o? 
eontfoi data cos-npesing at ieast one or more us- 
age confroi elements defining usages of the data 
■*n object wbion comply wish tne predetermined 

conditions; 

storing msans, whicn ace accessible by means 
0? said data processor, forssonog she aafa object 
and she general set of control data: 
*J ccnoatenating means tor concatenating me 

general set of control data with a copy of the 
data object: and 

encrypting means lor encrypting she copy of the 
data object and at ieast said one or more uaage 
AC contra- elements to create a secure ctara pack- 

age : which ss ready for transfer x> a user. 

27, A system as clelmed in Ciatm £6, fuitharocmprising 

i5 seosjnci means in said data processor for creat- 

ing, sn response to a request for authorisation 
for usage of rhe data object by e user, a iiser set 
0? control data, which comprises at least a sub- 
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•set of the §gfwal est of confer dsta. whten sub- 
set comprises at Isas;: one of said usage canted 

«S8?TSS:5fSC and 

checking mssns in said data processor 'for 
cheeking tb&t sssd request far asithorfcaiionlor 
usage of she data object has dean gmolsd be- 
fore allowing fransJsf of ths data package .jotfts 
user, 

2$, A system as cfaimas {« Claim 26 <sr 27. whsrefri the 
generai sat ofcontfoi dais comprises aeoritroi dais 
sterner* wM<8j dat^es the righS So fodhsrolstrlbutfen 
oftha data objecf by the user. 

29, A sysrem forconteoifeog the usage oy a user of a data 
object so as to comply with predstermsnscf conditions 
for usage of the data o^sct osm^wng; 

storing means for storing a data package wrvers 
oon-c»ses a aata object and a conmai data com- 
prising a; isaas «o* usage control eisu sent de- 
fining 8 usage of the data object which complies 
with iSse predetamisaeo conditions;: 
means for decrypting the as seast one usage com 
;xoi eiemerrs: and ins data object; 
cheeking means tor cheeking whatner a usage 
neauestod byths osin'eompfias wifrphs usage 
deiirreo »y said at feast ens usees centra! aJe> 
meat: 

en&fimg means tor enabisng jhe tss&ga reqnest- 
ad av ins ussj wnen the ysage camples v.-m 
ins usage defined by said -at fees* one usage 
contra! Siemens; and 

uisaniing meaas for Otsaniing the usage ra- 
asjesssd by ine user when rha usage doss not 
ennipiy witti rha usage defined by safes at least 
one usage control element, 

30, A system as cteimsti in Giaim 24 or Claim 23. further 
comprising mas^s fof repackaging toe data oojaet 
ati;er usage- thereof 

31 < A method for coatcotSifig the usage by a user o? data 
objects so as to ccrapiy with predetermined condi- 
tions tor asage of tha data objects, comprising the 
steps ef: 

storing at isasttwo das a packages in a meowy 
device, where they are accessible oy a data 
pracsasar af the user, oaan said o'ata package 
eemprismg a datasheet and a esarset of control 
oaia. which con-pises at iessr oae usage control 
element defining a usage of she data oldest 
which camples wi*h toe pretfeterroinad condi- 
tions .tSiss data obiso; and s;aid at iessi one usage 
controi elements being encrypted; 
ueotypiing tbs us;age control eierasnts o? she us- 
sr sets of control data: 



exao'sinlng trta usage cont«si aiefrsenss o? s&iei at 
iaast tws ciata packages to find a match; 
using, in rasponsa to the finding o' a match, ;ha 
data processor to carry oat an aeaaa wnich is 
s specified in tiia user sets; of coiitroi da;a. 

S2. -A maSnad as ciasmad in Claim 31 , corrsprisiifig She 
foslhar steps oS cpdstiag trse usage corsiroi eieraent 
of each data oadcage, racoacaraastiog attar the us- 
?« age of the dais oateets, eacss of the data abject and 
fta t.ssage confroi tJiomcot. racncfyptiag each of tne 
coocafanatad data objects ar<d its asags codiroi el- 
eraont ano traosfefring ihe repackaged data oojacts 
to -heif creators;, 
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